How to list secret scopes and identify key vaults

Question

What is the best way to view all existing secret scopes within a Databricks workspace? Additionally, how can we identify the specific Azure Key Vault linked to each of these secret scopes? I’d like to understand the steps or API calls needed to retrieve this information, especially in scenarios where multiple secret scopes and Key Vaults are in use within the same workspace. Any guidance on managing or auditing these connections would be helpful.

Answer 1

Hi @Gabriel-2005
Welcome to Microsoft Q&A platform and thanks for posting your query here.

If you'd like a quick way to identify which Key Vault a secret scope refers to, and you have access to the Azure portal, you can follow these steps:

1. List all existing secret scopes within your Databricks workspace by running:

      dbutils.secrets.listScopes()
   

2. List secrets within a specific scope to help determine which Key Vault each scope is connected to:

      dbutils.secrets.list("SCOPE_NAME")
   

This can help you identify the Key Vault associated with each scope, especially if you have a limited number of vaults, distinct key names, and list access in the Azure portal.

For more detailed management, you can also use:

• Databricks Secrets REST API: The list secret scopes API provides a way to view all secret scopes.
• Databricks CLI: Use the databricks secrets list-scopes command to display scopes along with the Key Vault URLs associated with them. Documentation is available here.

These methods should help with managing and auditing your secret scopes and Key Vault connections in Databricks.

Hope this helps. Do let us know if you any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.